Most of the time, the API requires authentication. To enable the API-style authentication, you have to check Enable REST API in Administration -> Settings -> Authentication. Then, authentication can be done in 2 different ways:

using your regular login/password via HTTP Basic authentication.

using your API key which is a handy way to avoid putting a password in a script. The API key may be attached to each request in one of the following way:

passed in as a "key" parameter

passed in as a username with a random password via HTTP Basic authentication

passed in as a "X-Redmine-API-Key" HTTP header (added in Redmine 1.1.0)

You can find your API key on your account page ( /my/account ) when logged in, on the right-hand pane of the default layout.

The response to a GET request on a collection ressources (eg. /issues.xml, /users.xml) generally won't return all the objects available in your database. Redmine 1.1.0 introduces a common way to query such ressources using the following parameters:

offset: the offset of the first object to retrieve

limit: the number of items to be present in the response (default is 25, maximum is 100)

Alternatively, you can use the page parameter, instead of offset, in conjunction with limit.

Examples:

GET /issues.xml
=> returns the 25 first issues
GET /issues.xml?limit=100
=> returns the 100 first issues
GET /issues.xml?offset=30&limit=10
=> returns 10 issues from the 30th
GET /issues.xml?page=3&limit=10
=> same as above

Responses to GET requests on collection ressources provide information about the total object count available in Redmine and the offset/limit used for the response. Examples:

Note: if you're using a REST client that does not support such top level attributes (total_count, limit, offset), you can set the nometa parameter or X-Redmine-Nometa HTTP header to 1 to get responses without them. Example: